Commit 7102ef9d by Jessica Hawkwell

Adding LOTS of content.

1 parent efecef56
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.starphoenixmedia</groupId>
<artifactId>server-management</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>pom</packaging>
<description>SPM GitLab CE Server Configuration and Documentation</description>
<name>Server Management</name>
<url>${gl.pages}</url>
<organization>
<name>StarPhoenix Media</name>
<url>http://starphoenixmedia.com/</url>
</organization>
<prerequisites>
<maven>3.0.0</maven>
</prerequisites>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<tag>master</tag>
<rev>~${env.USER}</rev>
<fulltag>${tag}/${rev}</fulltag>
<fullver>${project.name} ${project.version} (${fulltag})</fullver>
<gl.group>LadySerenaKitty</gl.group>
<gl.group-url>ladyserenakitty</gl.group-url>
<gl.name>server-management</gl.name>
<gl.url>https://felinewith.me/${gl.group-url}/${gl.name}</gl.url>
<gl.pages>https://${gl.group-url}.felinewith.me/${gl.name}/</gl.pages>
</properties>
<distributionManagement>
<repository>
<id>releases</id>
<name>SPM Releases</name>
<url>https://mvn.felinewith.me/repository/releases/</url>
</repository>
<snapshotRepository>
<id>snapshots</id>
<name>SPM Snapshots</name>
<url>https://mvn.felinewith.me/repository/snapshots/</url>
</snapshotRepository>
<site>
<id>Main</id>
<name>Server Management</name>
<url>${gl.pages}</url>
</site>
</distributionManagement>
<issueManagement>
<system>GitLab</system>
<url>${gl.url}/issues</url>
</issueManagement>
<ciManagement>
<system>GitLab CI</system>
<url>${gl.url}/pipelines</url>
</ciManagement>
<scm>
<connection>scm:git:${gl.url}.git</connection>
<developerConnection>scm:git:[email protected]:${gl.group-url}/${gl.name}.git</developerConnection>
<tag>${tag}</tag>
<url>${gl.url}/blob/${tag}/</url>
</scm>
<developers>
<developer>
<id>LadySerenaKitty</id>
<name>Jessica Hawkwell</name>
<email>[email protected]</email>
<organization>StarPhoenix Media</organization>
<organizationUrl>http://starphoenixmedia.com/</organizationUrl>
<properties>
<gab>@LadySerenaKitty</gab>
</properties>
<roles>
<role>Owner</role>
<role>Administrator</role>
<role>Developer</role>
</roles>
<timezone>-4</timezone>
</developer>
</developers>
<repositories>
<repository>
<id>releases</id>
<name>SPM Releases</name>
<url>https://mvn.felinewith.me/repository/releases/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
<repository>
<id>snapshots</id>
<name>SPM Snapshots</name>
<url>https://mvn.felinewith.me/repository/snapshots/</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>internal</id>
<name>SPM Internal</name>
<url>https://mvn.felinewith.me/repository/internal/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.6.1</version>
<configuration>
<showDeprecation>true</showDeprecation>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
<version>3.6</version>
<executions>
<execution>
<id>attach-site</id>
<phase>prepare-package</phase>
<configuration>
<classifier>site</classifier>
</configuration>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
<reporting>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-changelog-plugin</artifactId>
<version>2.3</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-changes-plugin</artifactId>
<version>2.12.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-doap-plugin</artifactId>
<version>1.2</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-project-info-reports-plugin</artifactId>
<version>2.9</version>
</plugin>
</plugins>
</reporting>
<dependencies>
<dependency>
<groupId>org.apache.maven.doxia</groupId>
<artifactId>doxia-module-markdown</artifactId>
<version>1.7</version>
</dependency>
</dependencies>
<profiles>
<profile>
<id>ci</id>
<activation>
<property>
<name>env.CI_COMMIT_REF_NAME</name>
</property>
</activation>
<properties>
<!-- Override only if necessary -->
<tag>${env.CI_COMMIT_REF_NAME}</tag>
</properties>
</profile>
<profile>
<id>rev-env</id>
<activation>
<property>
<name>env.GIT_REV</name>
</property>
</activation>
<properties>
<!-- Override only if necessary -->
<rev>${env.GIT_REV}</rev>
</properties>
</profile>
<profile>
<id>rev-cli</id>
<activation>
<property>
<name>git-rev</name>
</property>
</activation>
<properties>
<!-- Override only if necessary -->
<rev>${git-rev}</rev>
</properties>
</profile>
</profiles>
</project>
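Review bot: None of the three `<repositories>` entries (`releases`, `snapshots`, `internal`) sets a checksum policy, so artifacts resolved from mvn.felinewith.me fall back to Maven's default of only warning on a checksum mismatch. Adding `<checksumPolicy>fail</checksumPolicy>` inside each `<releases>` and `<snapshots>` block makes a corrupted or altered download fail the build instead. The `internal` repository also enables both releases and snapshots; if it hosts only one kind, disabling the other narrows what can be resolved from it. Separately, `doxia-module-markdown` is a project-level dependency of a `pom`-packaged project, so any module inheriting from this POM would presumably inherit it; if it is only needed for site rendering, it belongs under the `maven-site-plugin` `<dependencies>`.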
# Installation
## Gitaly and gRPC vs. FreeBSD
We cannot use our standard platform, [FreeBSD], because [Gitaly] uses [gRPC]. Gitaly is an [RPC] mechanism which
exposes git via RPC either locally or over a network. The end goal of Gitaly is to make `git` calls faster through
caching (when available) but also to avoid the overhead of [NFS]. Even though it is designed primarily for network
use, it should still provide at least some performance enhancement when everything is running in `localhost mode`.
While the goal of Gitaly is grand, the implementation leaves a bit to be desired, specifically the use of gRPC. Google
appears to have designed gPRC specifically to not build on FreeBSD. However, there is a way to install the gRPC library
on FreeBSD through the Ports Collection, in `devel/grpc`. Unfortunately, the ruby gem for gRPC does not check if this
library exists. Rather, the gem compiler will always build the gRPC library for use in wrapping it to make a Ruby
Native Extension. Due to the fact the gem does not check to see if the gRPC library is already installed, it cannot be
built on a FreeBSD system. Worse still, the gRPC team and/or Google does not consider FreeBSD a priority.
* https://github.com/grpc/grpc/issues/10411
* https://github.com/grpc/grpc/issues/9721
## GitLab CI and Docker
We were unable to configure `gitlab-ci-multi-runner` to use the [Docker] runner. Installation **always** fails when
executing `/usr/lib/gitlab-runner/mk-prebuilt-images.sh` at the `cdebootstrap` command. If this worked, we would be
using `gitlab-ci-multi-runner` in `Docker` configuration, rather than the current `shell` configuration. Using the
`Docker` configuration would mean we would no longer need to configure our server to handle all build tasks.
[FreeBSD]: https://freebsd.org/
[Gitaly]: https://gitlab.com/gitlab-org/gitaly
[gRPC]: http://grpc.io/
[NFS]: https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-nfs.html
[Docker]: https://docker.io/
# nginx configuration for Archiva
Archiva only needs a basic HTTP Proxy configuration with [CloudFlare] Origin SSL.
```archiva.conf
server {
listen 0.0.0.0:80;
listen [::]:80;
listen 0.0.0.0:443 ssl http2;
listen [::]:443 ssl http2;
server_name mvn.felinewith.me; ## Replace this with something like gitlab.example.com
server_tokens off; ## Don't show the nginx version number, a security best practice
ssl on;
ssl_certificate /***/cf_cert.pem;
ssl_certificate_key /***/cf_key.key;
access_log /var/log/nginx/archiva_access.log;
error_log /var/log/nginx/archiva_error.log;
rewrite ^/repository/([^/]+)/.index/(.*)? /repository/$1/.indexer/$2 last;
location / {
client_max_body_size 0;
gzip on;
gzip_static on;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
set $ssl off;
if ($scheme = https) { set $ssl on; }
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl $ssl;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade_gitlab;
proxy_set_header REMOTE_ADDR $http_cf_connecting_ip;
proxy_pass http://localhost:8880;
}
error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 /500.html;
error_page 502 /502.html;
error_page 503 /503.html;
location ~ ^/(404|422|500|502|503)\.html$ {
root /home/git/gitlab/public;
internal;
}
}
```
[CloudFlare]: https://cloudflare.com/
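Review bot: `ssl on;` sits in a server block that also has `listen 0.0.0.0:80;` and `listen [::]:80;`, and that directive enables TLS for every listener of the server, so plain-HTTP requests on port 80 get a 400 instead of being served or redirected. The `ssl` parameter already on the two 443 `listen` lines is sufficient; dropping `ssl on;` (deprecated in current nginx) restores port 80 and lets `if ($scheme = https) { set $ssl on; }` do what it appears to intend. The same combination appears in the GitLab Pages and GitLab server blocks. This block also uses `$connection_upgrade_gitlab`, which is defined only by the `map` in the GitLab config, so archiva.conf depends on that file being loaded as well.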
# nginx for GitLab
Only a few modifications here, for use with [CloudFlare] Origin SSL.
```
## GitLab
##
## Pages serving host
server {
listen 0.0.0.0:80;
listen [::]:80;
listen 0.0.0.0:443 ssl http2;
listen [::]:443 ssl http2;
## Replace this with something like pages.gitlab.com
server_name ~^([^\.]+)?.felinewith.me;
ssl on;
ssl_certificate /***/cf_cert.pem;
ssl_certificate_key /***/cf_key.key;
## Individual nginx logs for GitLab pages
access_log /var/log/nginx/gitlab_pages_access.log;
error_log /var/log/nginx/gitlab_pages_error.log;
root /home/git/gitlab/shared/pages/$1;
try_files public/$uri $uri @default;
location / {
set $ssl off;
if ($scheme = https) { set $ssl on; }
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl $ssl;
proxy_set_header REMOTE_ADDR $http_cf_connecting_ip;
# The same address as passed to GitLab Pages: `-listen-proxy`
proxy_pass http://localhost:8090/;
}
# Define custom error pages
error_page 403 /403.html;
error_page 404 /404.html;
}
```
[CloudFlare]: https://cloudflare.com/
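Review bot: The `server_name ~^([^\.]+)?.felinewith.me;` pattern is looser than it reads: the dot before `felinewith` is unescaped, the capture group is optional, and there is no `$` anchor, so a host such as `foo.felinewith.me.example.net` also matches and selects a directory under `/home/git/gitlab/shared/pages/` through `$1`. A stricter form would be `server_name ~^(?<group>[^.]+)\.felinewith\.me$;` with `root /home/git/gitlab/shared/pages/$group;`. In addition, `try_files public/$uri $uri @default;` names an `@default` location that this server block does not define, and `location /` already proxies every request, so the `root`/`try_files` pair looks unused here.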
# nginx for GitLab
Only a few modifications here, for use with [CloudFlare] Origin SSL.
```
## GitLab
##
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
##################################
## CONTRIBUTING ##
##################################
##
## If you change this file in a Merge Request, please also create
## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
##
###################################
## configuration ##
###################################
##
## See installation.md#using-https for additional HTTPS configuration details.
upstream gitlab-workhorse {
server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
}
map $http_upgrade $connection_upgrade_gitlab {
default upgrade;
'' close;
}
## Normal HTTP host
server {
## Either remove "default_server" from the listen line below,
## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
## to be served if you visit any address that your server responds to, eg.
## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
listen 0.0.0.0:80;
listen [::]:80;
listen 0.0.0.0:443 ssl http2;
listen [::]:443 ssl http2;
server_name felinewith.me; ## Replace this with something like gitlab.example.com
server_tokens off; ## Don't show the nginx version number, a security best practice
ssl on;
ssl_certificate /***/cf_cert.pem;
ssl_certificate_key /***/cf_key.key;
## See app/controllers/application_controller.rb for headers set
## Real IP Module Config
## http://nginx.org/en/docs/http/ngx_http_realip_module.html
real_ip_header X-Real-IP; ## X-Real-IP or X-Forwarded-For or proxy_protocol
real_ip_recursive off; ## If you enable 'on'
## If you have a trusted IP address, uncomment it and set it
# set_real_ip_from YOUR_TRUSTED_ADDRESS; ## Replace this with something like 192.168.1.0/24
## Individual nginx logs for this GitLab vhost
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
root /home/git/gitlab/public;
try_files $uri @default;
location @default {
client_max_body_size 0;
gzip off;
gzip_static on;
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
set $ssl off;
if ($scheme = https) { set $ssl on; }
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $http_cf_connecting_ip;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl $ssl;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade_gitlab;
proxy_set_header REMOTE_ADDR $http_cf_connecting_ip;
proxy_pass http://gitlab-workhorse;
}
error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 /500.html;
error_page 502 /502.html;
error_page 503 /503.html;
location ~ ^/(404|422|500|502|503)\.html$ {
root /home/git/gitlab/public;
internal;
}
}
```
[CloudFlare]: https://cloudflare.com/
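Review bot: The real-IP setup in this server block is inert and the forwarded client address is unvalidated: `real_ip_header X-Real-IP;` has no active `set_real_ip_from` (the line is commented out), while `proxy_set_header X-Real-IP $http_cf_connecting_ip;` and `proxy_set_header X-Forwarded-For $http_x_forwarded_for;` copy request headers straight to the backend. If the origin accepts connections from anywhere other than Cloudflare, a client can choose the address GitLab records for it, which weakens audit logs and IP-based rate limiting, and the nginx access log meanwhile records the proxy's address. Consider `real_ip_header CF-Connecting-IP;` with one `set_real_ip_from` line per published Cloudflare range, then forwarding `$remote_addr` and `$proxy_add_x_forwarded_for`, and restricting ports 80/443 to those ranges at the firewall. The Archiva and GitLab Pages blocks forward the same two headers and need the same treatment.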
## nginx
[nginx] is the preferred server for [GitLab], so we only have minimal configuration changes from the GitLab-provided
config files. Mostly, the config files were modified for use with [CloudFlare].
[nginx]: https://nginx.org/
[GitLab]: https://gitlab.org/
[CloudFlare]: https://cloudflare.com/
# Our Server
Unfortunately, we were not able to use [FreeBSD] for this server, due to the fact [gRPC] was specifically designed by
[Google] to not compile on FreeBSD. Yes, we are aware there is a working gRPC in ports, but that does not help build
the unbuildable rubygem.
[FreeBSD]: https://freebsd.org/
[gRPC]: http://www.grpc.io/
[Google]: https://developers.googleblog.com/2015/02/introducing-grpc-new-open-source-http2.html
# Your Basic Tools
When using this server, the following configuration snips will be useful.
These config files should be in these default locations:
| Tool | Location |
| --- | --- |
| SSH | `~/.ssh/config` |
| Git | `~/.gitconfig` |
| Maven | `~/.m2/settings.xml` |
Depending on your system, your home folder (`~`) may be located somewhere other than `/usr/home/<username>/`. For
your convenience, we have listed a few known systems below.
| System | Home Folder |
| --- | --- |
| macOS | `/Users/<username>/` |
| Solaris | `/export/home/<username>/` |
| Haiku | `/home/` |
| Windows | `C:\\Users\\<username>\\` |
| Others | Please refer to your system's documentation. |
## SSH
Before you can commit using SSH, you need to import your SSH public key to your GitLab account: [SSH Keys]
```ssh.config
Host mc.felinewtih.me
HostName mc.felinewith.me
User git
```
## Git
```example.gitconfig
[user]
name = My Name
email = [email protected]
[core]
excludesfile = ~/.gitignores_global
```
## Maven
No configuration changes necessary. 😺
[SSH Keys]: https://felinewith.me/profile/keys
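Review bot: The `Host` pattern in the SSH snippet is misspelled (`mc.felinewtih.me`), so the block only takes effect when someone types the misspelled name, and `User git` is never applied to the real host name. It should read `Host mc.felinewith.me`. It is also worth confirming that `mc.felinewith.me` is the intended Git host, since the `[SSH Keys]` link on the same page points at `felinewith.me`.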
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/DECORATION/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/DECORATION/1.0.0 http://maven.apache.org/xsd/decoration-1.0.0.xsd">
<skin>
<groupId>org.apache.maven.skins</groupId>
<artifactId>maven-fluido-skin</artifactId>
<version>1.6</version>
</skin>
<custom>
<fluidoSkin>
<sideBarEnabled>true</sideBarEnabled>
<topBarEnabled>true</topBarEnabled>
<navBarStyle>navbar-inverse</navBarStyle>
<copyrightClass>pull-right</copyrightClass>
<breadcrumbDivider>&raquo;</breadcrumbDivider>
<sourceLineNumbersEnabled>true</sourceLineNumbersEnabled>
</fluidoSkin>
</custom>
<version position="right" />
<publishDate position="right" format="EEE, d MMM yyyy @ H:mm:ss Z" />
<!-- poweredBy>
<logo name="VOCASystem.Net" href="https://dev.vocasystem.net/" alt="VOCASystem.Net"
img="http://static.vocasystem.net/vocasystem.net/images/vocasystem.net-black.png" />
</poweredBy -->
<body>
<breadcrumbs>
<item name="${project.name} (${project.fulltag})" href="${project.url}" />
</breadcrumbs>
<menu name="Documentation" ref="docs">
<item name="Our Server" href="server-overall.html" />
</menu>
<menu name="Configuration" ref="config">
<item name="Your Tools" href="your-tools.html" />
<item name="GitLab" href="gitlab.html" />
<item name="nginx" href="nginx.html">
<item name="nginx GitLab" href="nginx-gitlab.html" />
<item name="nginx GitLab Pages" href="nginx-gitlab-pages.html" />
<item name="nginx Archiva" href="nginx-archiva.html" />
</item>
</menu>
<menu name="Project Information" ref="reports" inherit="bottom" />
<menu ref="modules" inherit="bottom" />
</body>
</project>